Alleged mastermind behind “SpyEye” botnet tools extradited to US

On Friday, the US Department of Justice announced the extradition from Thailand of Hazma Bendelladj, a 24-year old Algerian man accused of being "BX1," the author and marketer of the SpyEye botnet toolkit. SpyEye, a derivative of the Zeus botnet toolkit, is among the most widely-used financial fraud malware packages in the world. Bendelladj is being prosecuted by the US Attorney's Office for the Northern District of Georgia in Atlanta because one of the servers in the command and control (C&C) network was in an Atlanta data center.

The FBI and Department of Justice allege that Bendelladj acted as a full-service malware provider, marketing his tools in online underground marketplaces to would-be financial fraudsters. He is also alleged to have operated a C&C network for hire for SpyEye bots, allowing cyber-criminals to control the malware they had dropped onto victims' computers and deploy "injectors" for various financial institutions' websites. The injectors allowed the malware to add code to e-banking websites tailored to their designs and capture victims' credentials. A server in Georgia seized by law enforcement officials was found to have information on accounts for "approximately 253 unique financial institutions," according to a Department of Justice statement.

Bendelladj was arrested in Bangkok in January, as he was traveling from Malaysia to Egypt. The Department of Justice had a sealed indictment for Bendelladj since December of 2011, which included 23 charges (10 for wire fraud, 11 for computer fraud, and two conspiracy charges). If convicted on all counts, he could face a combination of sentences that could keep him in prison for the rest of his life, plus fines of up to $14 million.

The US did not overstep its authority this time. Megaupload, yes, this time, no. It's not logical to even think so. Not a very smart guy and you do not need "skills" to do what he did. I do not like botnets, Anybody who deploys them should spend a lengthy sprint in prison with no access to computer technology. Believe it or not, there are dimwits that really admire this piss ant. It's really sad that someone like this person could sink so low.

So I wonder what the mob opinion on this will boil down to between this being a gross overreach of U.S. authority like the Megaupload stuff was, or reasonable protection of U.S. property.

The guy was stupid enough to have US servers. The smart criminal would have had them elsewhere. Unlike mega where it was and still is a gross misconduct of justice over what happened, this seems a reasonably fair use of extradition, if the guy was attacking US banks.

debate

More and more we see the descent of the United States of America into an Orwellian regime where the face is a republic but the inner workings are much more sinister. /debate

Sweet, now we can put him to work on our electronic warfare programs. Or he can spend life in prison. Choices...

I wouldn't trust him to safeguard anything. It's quite obvious he has little disregard for other peoples stuff.

Sure the guy is talented, but trustworthy? I think he has demonstrated that he is not.

Stick him in a pound me in the ass prison for 30 years, then let him out when his skills are woefully outdated.

I think this guy should be prosecuted to the full extent of the law, but am baffled why people like you think your fetishy fantasies of "Stick him in a pound me in the ass prison" serves the purposes of justice.

Sweet, now we can put him to work on our electronic warfare programs. Or he can spend life in prison. Choices...

I wouldn't trust him to safeguard anything. It's quite obvious he has little disregard for other peoples stuff.

Sure the guy is talented, but trustworthy? I think he has demonstrated that he is not.

Stick him in a pound me in the ass prison for 30 years, then let him out when his skills are woefully outdated.

I think this guy should be prosecuted to the full extent of the law, but am baffled why people like you think your fetishy fantasies of "Stick him in a pound me in the ass prison" serves the purposes of justice.

Christ.

I was referencing Office Space. Nothing other than a movie reference was intended.

Sweet, now we can put him to work on our electronic warfare programs. Or he can spend life in prison. Choices...

I wouldn't trust him to safeguard anything. It's quite obvious he has little disregard for other peoples stuff.

Sure the guy is talented, but trustworthy? I think he has demonstrated that he is not.

Stick him in a pound me in the ass prison for 30 years, then let him out when his skills are woefully outdated.

I think this guy should be prosecuted to the full extent of the law, but am baffled why people like you think your fetishy fantasies of "Stick him in a pound me in the ass prison" serves the purposes of justice.

Christ.

I was referencing Office Space. Nothing other than a movie reference was intended.

Because EVERY time it is mentioned it spirals into a tangent about how prison rape is or is not pervasive/deserved/effective deterrent. It's not like you'd expect the audience of a geek-oriented site to know about the best cube-dweller comedy of all time.

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.